this post was submitted on 21 Jan 2025
25 points (83.8% liked)

Android

28383 readers
272 users here now

DROID DOES

Welcome to the droidymcdroidface-iest, Lemmyest (Lemmiest), test, bestest, phoniest, pluckiest, snarkiest, and spiciest Android community on Lemmy (Do not respond)! Here you can participate in amazing discussions and events relating to all things Android.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules

1. All posts must be relevant to Android devices/operating system.

2. Posts cannot be illegal or NSFW material.

3. No spam, self promotion, or upvote farming. Sources engaging in these behavior will be added to the Blacklist.

4. Non-whitelisted bots will be banned.

5. Engage respectfully: Harassment, flamebaiting, bad faith engagement, or agenda posting will result in your posts being removed. Excessive violations will result in temporary or permanent ban, depending on severity.

6. Memes are not allowed to be posts, but are allowed in the comments.

7. Posts from clickbait sources are heavily discouraged. Please de-clickbait titles if it needs to be submitted.

8. Submission statements of any length composed of your own thoughts inside the post text field are mandatory for any microblog posts, and are optional but recommended for article/image/video posts.

Community Resources:

We are Android girls*,

In our Lemmy.world.

The back is plastic,

It's fantastic.

*Well, not just girls: people of all gender identities are welcomed here.

Our Partner Communities:

[email protected]

founded 2 years ago
MODERATORS
MargotRobbie
Rooki
Thekingoflorda
L3s
_MoveSwiftly
25
Is it possible to trick apps that check for "authentic and secure" android firmware? (moist.catsweat.com)
submitted 1 day ago by [email protected] to c/android
8 comments fedilink hide all child comments
 

Users of android ROMs or rooted devices are often unable to use certain apps because they make a request to google to check whether the phone is "safe" or "secure" or whatever wording they use. Is there a way to trick those apps? Pretend to be google, remove/replace the google check, or even intercept the check at runtime and return that "everything is alright"?

Game have been hacked, cracked, or what for ages. It's surely possible with android apps, isn't it?

you are viewing a single comment's thread
view the rest of the comments
[–] Magister 5 points 1 day ago (1 children)

Yes, mostly using Magisk and addon, I used it for a couple of years on a rooted device, to fool banking app and netflix and whatnot, but it's a cat and mouse game... android update something, next time you want to tap to pay, it does not work, you have to go on XDA and search for the right addon/trick to fool it again, and 2 weeks later, same thing... after doing it for months/years, it's boring and annoying...

Keep a "secure" phone with locked bootloader for banking/tap to pay etc, and use others phones to tinker with, install ROM, etc.

[–] kolorafa 5 points 1 day ago* (last edited 1 day ago) (1 children)

Best to buy phones that you can relock your bootloader, from memory I can only think of 2 phone manufacturers that allow that: Fairphone and Pixel phones that allow you to relock bootloader.

I bought Fairphone 5 with Degoogled /e/ OS from Murena to avoid that annoying cat and mouse game. I bought from murena website to get my phone already with degoogled firmware flashed.

In my case bootloader is locked with google attestation so 99,9% apps works, including Banks apps with TAP to pay. Bank payments that dont use google pay but implent NFC directly works (so except for google pay other pay method should work).

Both my bank apps works with tap to pay, But Your milage may vary.

Im happy with my phone. Due to all that, not a single app had issues with "valid OS checks" because it actually is valid, it did came directly from seller and never got unlocked/flashed.

It is locked but I should be able to unlock bootlader, flash different firmware version and lock it back up making the attestation valid again but didn't do that yet so can't be 100% sure.

[–] [email protected] 4 points 1 day ago (1 children)

/e/ OS and Graphene OS are having trouble with certain banking apps already because "it's not the original firmware" or something. Some people have reported contacting their banks and explaining how to add exceptions for the specific ROMs, but banks don't give a fuck.

I was hoping instead of emulating a "safe" phone, that there would be some way to modify the application for it to never make the safety request.

[–] [email protected] 2 points 1 day ago

Unfortunately, maintaining hacked forked versions of specific apps is even more time consuming for devs than it is for us to just spoof our security environment on our phones. Popular apps like YouTube have such versions but that's only because the userbase is there.

I've seen some XDA discussion on hacking apps but you're actually just learning to become a programmer/hacker at that point. If you have a specific app, and you're not able to hack it yourself, unfortunately spoofing via Magisk & Tricky Store is the only sustainable way.